Setting an HTTP(S) Endpoint to port 443 does not necessarily mean that all traffic will be encrypted. HTTP(S) Endpoints always expose ports 80 (HTTP) and 443 (HTTPS). Setting the port on an HTTP(S) Endpoint just determines the container port that the Endpoint forwards traffic to. See the HTTP(S) Endpoint Container Port documentation for more details.
In order to ensure traffic is encrypted when using an HTTP(S) Endpoint, you should set up HTTPS redirection which will redirect all HTTP connections to HTTPS (encrypted). This can be done by configuring the App with FORCE_SSL=true. See the HTTPS Redirection documentation for details on how the redirection works and how to configure the App.
As described in the HTTP(S) Endpoint Traffic documentation, the Endpoint handles HTTPS (TLS) termination for you and passes all traffic to your App containers as plain HTTP (unencrypted) thus freeing you up to focus on application development rather than managing and configuring HTTPS in your application. If your App’s Docker Image exposes both ports 80 and 443 you generally want to use port 80 as this is the standard port for HTTP (unencrypted) traffic.
Note that if your application is configured to redirect traffic on port 80 to port 443 and you configure the Endpoint to send traffic to port 80, any attempt to access the App will result in an infinite redirect loop. Disabling the redirect in your application will prevent this from happening.